Mac Sonoma security updates

Summary

Apple has released security updates that address multiple vulnerabilities. The fixes are included in macOS Sonoma 14.3.

Affected products

The following products received a security patch. Each entry is listed with its CVE identifier and Apple's description of what the vulnerability allowed.

  • Apple Neural Engine, CVE-2024-23212, “An app may be able to execute arbitrary code with kernel privileges”
  • CoreCrypto, CVE-2024-23218, “An attacker may be able to decrypt legacy RSA PKCS#1 v1.5 ciphertexts without having the private key”
  • Finder, CVE-2024-23224, “An app may be able to access sensitive user data”
  • Kernel, CVE-2024-23208, “An app may be able to execute arbitrary code with kernel privileges”
  • LLVM, CVE-2024-23209, “Processing web content may lead to arbitrary code execution”
  • Mail Search, CVE-2024-23207, “An app may be able to access sensitive user data”
  • NSSpellChecker, CVE-2024-23223, “An app may be able to access sensitive user data”
  • Safari, CVE-2024-23211, “A user’s private browsing activity may be visible in Settings”
  • Shortcuts, CVE-2024-23204 and CVE-2024-23203, “A shortcut may be able to use sensitive data with certain actions without prompting the user”
  • TCC, CVE-2024-23215, “An app may be able to access user-sensitive data”
  • Time Zone, CVE-2024-23210, “An app may be able to view a user’s phone number in system logs”
  • WebKit:
    • CVE-2024-23206, “A maliciously crafted webpage may be able to fingerprint the user”
    • CVE-2024-23213, “Processing web content may lead to arbitrary code execution”
    • CVE-2024-23214, “Processing maliciously crafted web content may lead to arbitrary code execution”
    • CVE-2024-23222, “Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited.”

More information can be found here